Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libpsx2-2.69-slfo.1.1.8 RPM for s390x

From OpenSuSE Leap 16.0 for s390x

Name: libpsx2 Distribution: SUSE Linux Framework One
Version: 2.69 Vendor: SUSE LLC <https://www.suse.com/>
Release: slfo.1.1.8 Build date: Fri Aug 23 16:58:29 2024
Group: System/Libraries Build host: s390zl38
Size: 38644 Source RPM: libcap-2.69-slfo.1.1.8.src.rpm
Packager: https://www.suse.com/
Url: https://sites.google.com/site/fullycapable/
Summary: Library for Capabilities (linux-privs) Support
Capabilities are a measure to limit the omnipotence of the superuser.
Currently a program started by root or setuid root has the power to do
anything. Capabilities (Linux-Privs) provide a more fine-grained access
control. Without kernel patches, you can use this library to drop
capabilities within setuid binaries. If you use patches, this can be
done automatically by the kernel.

Provides

Requires

License

BSD-3-Clause OR GPL-2.0-only

Changelog

* Tue May 16 2023 meissner@suse.com
  - updated to 2.69
    - An audit was performed on libcap and friends by https://x41-dsec.de/ (blog) . The audit (final report, 2023-05-10) was sponsored by the the Open Source Technology Improvement Fund, https://ostif.org/ (blog). Five issues were found. Four of them are addressed in this release. Each issue was labeled in the audit results as follows:
    - LCAP-CR-23-01 (SEVERITY) LOW (CVE-2023-2602) - found by David Gstir (bsc#1211418)
    - LCAP-CR-23-02 (SEVERITY) MEDIUM (CVE-2023-2603) - found by Richard Weinberger (bsc#1211419)
    - LCAP-CR-23-100 (SEVERITY) NONE
    - LCAP-CR-23-101 (SEVERITY) NONE
    - LCAP-CR-23-102 (SEVERITY) NONE
    - Man page style improvement from Emanuele Torre
* Thu Mar 30 2023 dmueller@suse.com
  - update to 2.68:
    * Force libcap internal functions to be hidden outside the library
    * Expanded the list of man page (links) to all of the supported API
      functions.
    * fixed some formatting issues with the libpsx(3) manpage.
    * Add support for a markdown preamble and postscript when generating
      .md versions of the man pages (Bug 217007)
    * psx package clean up
    * fix some copy-paste errors with TestShared()
    * added a more complete psx testing into this test as well
    * cap package clean up
    * drop an unnecessary use of ", _" in the sources
    * cleaned up cap.NamedCount documentation
    * Converted goapps/web/README to .md format and fixed the
      instructions to indicate go mod tidy is needed.
    * cap_compare test binary now cleans up after itself (Bug 217018)
    * Figured out how to cross compile Go programs for arm (i.e. RPi) that
      use C code, don't use cgo but do use the psx package
    * Eliminate use of vendor directory
* Fri Mar 24 2023 mliska@suse.cz
  - Enable LTO and add missing -ffat-lto-objects for the provided
    static libs.
* Fri Mar 24 2023 tiwai@suse.com
  - Revert LTO again; it still breaks builds
* Thu Mar 23 2023 mliska@suse.cz
  - Enable LTO as it works fine.
* Sat Feb 04 2023 dmueller@suse.com
  - update to 2.67:
    * Replace use of fgrep with grep -F (POSIX grep flags preferred by
      GNU grep) - patch from David Seifert.
    * Added SPDX identifiers to License file(s). Hopefully this will
      help the various robots out there correctly identify the
      longstanding licenses for libcap and friends. (Bug: 216609
      reported by Günther Noack)
    * Started down the rabbit hole of trying to address (Bug: 216610
      reported by Günther Noack on behalf of Michael Stapelberg)
    * The basic issue is how to link C code with Go psx without using
      CGo. This is all a low level hackery. If you are interested,
      browse the source.
    * Correct for bad whatis entries in man pages (this was throwing a
      Debian build test, detail)
    * Also reviewed man pages and addressed cross linkage issues (Bug:
    * Cleaned up some README.md files (made a github mirror now just so
      I can automatically render them).
    * Changed meaning of DYNAMIC=no builds.
      This now builds everything with static linking except for libc.
      The reason for this exception is explained in the commit message.
    * Inserted demonstration exploit code in capso.so to support
      article.
* Thu Sep 29 2022 dmueller@suse.com
  - update to 2.66:
    * Fix documentation typos in cap_from_text.3
    * Some getpcaps code clean up and a fix for PID argument parsing from Jakub
      Wilk.
    * Slightly more robust Makefiles to address an error with make -j48 test observed
    * Include a simple Go program, captrace, to trace kernel capability validation
      checks
    * This program can be used to figure out what capabilities a program needs to
      operate.
    * captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel for
      capability checks and whether or not they succeed for the system, a specific
      PID or a program's direct execution.
    * Trim down the default file capabilities for contrib/sucap/su to those actually
      needed and set USER and HOME environment variables so bash doesn't complain
      about a sourcing error.
* Fri Jul 22 2022 dmueller@suse.com
  - update to 2.65:
    * Fix syntax error in DEBUG build of protected code in setcap.c.
    * Prevent bash from reading the wrong startup files when the capsh --user=xxx
      argument is used to invoke a shell as the user xxx. This is done by capsh now
      changing the USER and HOME environment variables when --user is specified.
      The argument --noenv can be used to suppress this behavior to what used to be
      the problematic default. (Bug: 215926)
    * Improved documentation
* Tue Apr 12 2022 dmueller@suse.com
  - update to 2.64:
    * Fix memory leak in libpsx at program exit.
    * Be more resilient to CGo configuration with Go compiler when building tests.
    * Fix cap_*prctl() return code/errno handling.
    * Minor clarification to cap_get_pid() man page concerning pid
      value within namespaces.
* Fri Feb 25 2022 meissner@suse.com
  - Use "or" in the license tag to avoid confusion (bsc#1180073)
* Mon Jan 31 2022 dmueller@suse.com
  - update to 2.63:
    * restore errno to zero by the time main() is executed
    * Consistent psx handling (a panic) for syscalls that return thread dependent
      status Inconsistend behavior noticed by Lorenz Bauer
    * Add a test case for a deadlock under investigation in golang
    * Trim some of the #include file use to make the tree compile more
      efficiently
* Thu Dec 30 2021 dmueller@suse.com
  - update to 2.62:
    * Bug fix for Go package "cap" and launching
    * Build cleanups
    * Documentation updates: cap_max_bits has a man page entry
    * Recognize default securebits as a libcap mode: HYBRID
* Sun Nov 21 2021 andreas.stieger@gmx.de
  - libcap 2.61:
    * Better error handling of the numerical arguments for capsh and
      setcap
    * Fix executable mode for all of the .so files. There were two
      situations where this was failing (with a hard to debug SIGSEGV
      inside libc)
    * Added an example of a shared library object with its own file
      capability
    * Fix the top-level include for Make.Rules in the contrib/sucap
      example application
    * Add support for running constructors at libcap.so start up time
      when running as stand alone binary.
  - includes changes from 2.60:
    * Some build, code linting fixes, the addition of the
      cap_fill_flag() API and a memory latency optimization
    * General improvement in thread safety for libcap and cap package
    * Minor API change replacing libcap:cap_launch_*() void returning
      functions with int + errno status returns.
    * Added a cap_iab_dup(), and (*cap.IAB).Dup() to API
    * New features for capsh: --quiet, -+ and =+ arguments
  - add upstream signing key and verify source signature
* Tue Sep 28 2021 info@paolostivanin.com
  - update to 2.59:
    * Fixed a potential libcap memory leak by adding a destructor
    * Major improvement is that there is a path for Linux-PAM compliant
      applications to support setting Ambient vector Capabilities via pam_cap.so now
    * Added libcap cap_proc_root() API function
    * Added color support to captree
    * Fixed contrib/sucap/su to correctly handle the Inheritable flag
    * capsh enhancements
    * getcap -r / now generates readable output
    * The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now
      runnable as standalone binaries
    * The module pam_cap.so now contains support for a default=<IAB> module argument
    * Enhanced capsh --suggest to also compare against the capability value names
      and not just their descriptions
    * Added capsh --current support
    * Added a contrib/sucap/su.c pure-capabilities PAM implementation of su
    * Fix for a corner case infinite loop handling long strings
    * Added libcap cap_iab_compare() and cap_iab_get_pid() APIs
    * Added a Go utility, captree, to display the process (and thread) graph along with
      the POSIX.1e and IAB capabilities of each PID{TID} tree.
* Sat Jul 17 2021 dmueller@suse.com
  - update to 2.51:
    * Fix capsh installation
    * Add an autoauth module flag to pam_cap.so
    * Unified libcap/cap (Go) and libcap (C) default generation of external format binary data
    * API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one
      capability flag to another.
    * --explain=cap_foo: describe what cap_foo does
    * --suggest=phrase: search all the cap descriptions and describe those that match the phrase
    * Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945)
    * extend libcap to include cap_prctl() and cap_prctlw() functions to regain
      feature parity with Go "cap" package. These are only needed when linking
      against -lpsx for keepcaps POSIX semantics.
    * this likely requires substantial application changes to make Ambient
      capability support usable in general, but doing our part for the admin.
    * Add a test case for recent kernel fix
    * Go pragma fix for convenience functions in "cap" module
* Wed Jun 02 2021 christophe@krop.fr
  - Fix a broken symlink. libcap-devel installs libpsx.so but
    didn't install the library it's pointing to.
* Fri Apr 16 2021 tiwai@suse.de
  - Add explicit dependency on libcap2 with version to libcap-progs
    (bsc#1184690)
* Mon Mar 22 2021 dmueller@suse.com
  - update to 2.49:
    * Implement cap_func_launcher() and cap.FuncLauncher().
    * More robust "psx" redirection for nocgo compilation - the documentation for
      the cgo implementation is now included in the nocgo one because the go.dev
      automated documentation builds the docs from the nocgo version.
    * Lots of documentation cleanups and added a few man pages: for IAB and
      Launching.
    * Some general no-op License changes that might cause folk to notice but only
      for formatting reasons. These were initially inspired by some lawyerly
      interactions, but I ended up rolling back half of them because they
      confused automated software infrastructure.
* Tue Feb 09 2021 dmueller@suse.com
  - update to 2.48:
    * More uniform use of $(MAKE) in Makefiles
    * No longer include symlinks in the git tree
    * Provide support for make GOLANG=no ...
    * Provide support for pointing at a specific build of the go binary
    * camelCase the contrib/seccomp/explore.go program
    * A number of documentation fixes to man pages and source code comments
    * Last use of GO major version 0
* Wed Jan 27 2021 dmueller@suse.com
  - update to 2.47:
    * Restructured gowns to default to uid base of getuid().
    * Augment NOPRIV libcap mode with the sticky NO_NEW_PRIVS prctl bit.
    * Improve the usage and diagnostic message for setcap
    * Documentation fixes, license declarations, example updates
* Mon Jan 04 2021 dmueller@suse.com
  - update to 2.46:
    * The bulk of this release concerns fixes and improvements to libpsx
    * Fix the capsh == argument handling and add a test case
    * Added build support for systems that do not support libpthread
    * Added build support for not building shared libraries
* Sat Nov 14 2020 dmueller@suse.com
  - update to 2.44:
    Generally, this is a release to help package builders: no functional change
    to any of the generated code just documentation and make related fixes.
* Wed Sep 02 2020 dmueller@suse.com
  - update to 2.43
    * Linus' kernel tree defines CAP_CHECKPOINT_RESTORE (40) so support it.
    * Fix the creation of the $(FAKEROOT)$(LIBDIR) for split install targets
    * Clean up a binary from the distribution
    * Added some more release time checks for non-git tracked files.
    * Fix a deadlock in libpsx that surfaced with a set of compiler optimizations by removing the psx wrapping harder.
* Thu Aug 06 2020 info@paolostivanin.com
  - Update to version 2.42:
    * Closed a potential issue with "libcap/psx" Go package and errno
    * Documentation updates
    * Minor optimization for cap_to_text() and (*cap.Set).String()
    * Discovered and added a missing function (*cap.Set).SetNSOwner() to achieve parity with libcap
    * Multiple fixes
    * Support Go module abstraction
    * A new kernel capability: CAP_BPF
    * Better support for cross-compilation
    * pam_cap now honors PAM_REINITIALIZE_CRED
    * implements cap_launch functionality
* Sat Feb 15 2020 tiwai@suse.de
  - Update to version 2.32:
    * Bug fix for fakeroot incompatibility (boo#1162014)
    * Slight perf improvement for cap_get_bound().
    * C++ support for psx header inclusion.
    * Some new testing features for capsh
* Tue Jan 28 2020 tiwai@suse.de
  - Update to version 2.31:
    * primarily a documentation update
    * fix libpam.pc to not require libpsx.pc
    * changed the text format of the default output of getpcap
* Mon Jan 13 2020 mpluskal@suse.com
  - Build using -ffat-lto-objects for static library
* Thu Jan 09 2020 mpluskal@suse.com
  - Update to version 2.30 (jsc#SLE-17092, jsc#ECO-3460):
    * BUGFIX: arm and i386 fixes C and Go setgroups choice - used
      wrong syscall in 2.29.
    * cleaned up make clean and make install to actually work as
      intended
    * updated Gentoo libpsx.pc file from Lars Wendler
    * refactored the way libpsx linkage with libcap performed mutual
      discovery.
    * Previously (2.28) libpsx had an API call overridden by libcap
      using weak linkage function in libpsx. In 2.30 this is reversed,
      namely libpsx provides the stronger function and libcap has a
      weak "no-op" version.
    * a bit more consistency in handling the 'all' sets in libcap
      (C) and libcap/cap (Go). Namely, they both dynamically discover
      the number of capabilities named by the kernel and use this as
      the definition of 'all' for the current runtime.
      + libcap (C) exports cap_max_bit() to export the number of
      supported capabilities
      + libcap/cap (Go) exports cap.MaxBits() for this same value.
  - For changes for older releases see:
    * https://sites.google.com/site/fullycapable/release-notes-for-libcap
  - Add glibc-static-devel as build requirement as tests need it
  - Install libpsx.a as it seems to be needed in some cases:
    * https://bugs.gentoo.org/703912
* Mon Dec 16 2019 matthias.gerstner@suse.com
  - Remove pam_cap (bsc#1150522) since this PAM module is a bad idea, security
    wise.
* Thu Feb 22 2018 fvogt@suse.com
  - Use %license (boo#1082318)
* Tue Jan 31 2017 matwey.kornilov@gmail.com
  - Enable PAM pam_cap.so module
* Sun Jan 01 2017 jengelh@inai.de
  - RPM group association fix
* Mon Aug 29 2016 dimstar@opensuse.org
  - Update to versison 2.25:
    + Recover gperf detection in make rules.
    + Man page typo fix.
    + Tweak make rules to make packaging more straightforward.
    + Fix error explanation in setcap.
    + Drop need to link with libattr. It turns out libcap wasn't
      actually using any code from that library, so linking to it was
      superfluous.
  - Drop libcap-nolibattr.patch: fixed upstream.
  - No longer add %{buildroot} to all variables for make install the
    Makefile learned about the meaning of DESTDIR.
* Sat Jan 31 2015 p.drouand@gmail.com
  - Update to version 2.24
    * Fix compilation problems (note to self, make distclean && make,
      before release)
    * Some make rule changes to make uploading a release to kernel.org
      easier for me.
    * Tidied up some documented links.
  - Update libcap-nolibattr.patch
  - Add pkg-config build requirement; libcap now provides a pkgconfig
    file
  - Clean up specfile
  - Move libraries and binaries to /usr because of #UsrMove
* Thu Jun 19 2014 crrodriguez@opensuse.org
  - libcap-nolibattr.patch Do not link to libattr, it is
    a bogus dependency. application uses sys/xattr from libc.
* Fri Feb 01 2013 coolo@suse.com
  - update license to new format
* Tue Sep 20 2011 aj@suse.de
  - Cleanup specfile a bit: Remove old tags.
* Tue Sep 20 2011 aj@suse.de
  - Update to libcap 2.22
  - libcap 2.22 includes:
    * Clarified License file (with version 2 of the GPL)
    * Support getting/setting capabilities on large files
    * After --chroot command, change working directory to "/".
  - libcap 2.21 includes:
    * Introduce cap_get_bound() and cap_drop_bound() functions.
      also include a macro CAP_IS_SUPPORTED(cap) for capabilities
  - libcap 2.20 includes:
    * Latest kernel capabilites supported: now includes CAP_SYSLOG
    * $(CFLAGS) Makefile fixes
    * Default to installing setcap with an inheritable capability.
* Thu Dec 02 2010 meissner@suse.de
  - updated to libcap-2.19
    * more stuff in capsh.c
    * sys/capability.h header clean up and fixes.
* Thu Dec 02 2010 meissner@suse.de
  - fixed build on ppc64 (needs to get linux/types.h included first).
* Mon Jun 28 2010 jengelh@medozas.de
  - use %_smp_mflags
* Wed Jun 09 2010 chris@computersalat.de
  - fix deps for fdupes
* Sat Dec 12 2009 jengelh@medozas.de
  - add baselibs.conf as a source
* Wed Mar 18 2009 tiwai@suse.de
  - fix a typo in the previous patch (__le64) (bnc#487453)
  - don't define __u32 & co if _LINUX_TYPES_H is defined (bnc#487453)
* Tue Mar 10 2009 tiwai@suse.de
  - fix build error on i386 due to missing __u64 definition in
    sys/capability.h
* Wed Jan 07 2009 tiwai@suse.de
  - updated to libcap-2.15:
    * Makefile fixes
  - updated to libcap-2.16:
    * stop using sed for parsing capability.h
* Mon Oct 27 2008 tiwai@suse.de
  - updated to libcap-2.14:
    * add -v mode to setcap
  - updated to libcap-2.13:
    * fix a corner case of cap_to_text()
  - updated to libcap-2.12:
    * man page fixes
    * remove never used codes for sysfs check
* Wed Oct 22 2008 mrueckert@suse.de
  - fix debug_packages_requires define
* Wed Aug 06 2008 tiwai@suse.de
  - updated to libcap-2.11:
    * makefile fixes, minor clean-ups
    * fix cap_copy_int(), new cap_get_pid() and cap_compare()
    * fix cap_copy_ext()
  - fix build with libcap-2.11.
* Sun Aug 03 2008 ro@suse.de
  - fix requires for debuginfo package
* Wed Jun 11 2008 tiwai@suse.de
  - updated to libcap-2.10:
    v3 capabilities, documantation fixes, misc fixes
* Wed Apr 23 2008 tiwai@suse.de
  - updated to libcap-2.08
    properly supporting the recent 2.6 kernels
* Thu Apr 10 2008 ro@suse.de
  - added baselibs.conf file to build xxbit packages
    for multilib support
* Mon Apr 16 2007 tiwai@suse.de
  - follow library packaging policy
    * move docs to devel package
    * move binaries and man pages to progs sub package
    * fix *.so symlink in libdir
* Wed Jan 24 2007 tiwai@suse.de
  - fix the access over array range in cap_extint.c (#237943).
* Tue Dec 19 2006 tiwai@suse.de
  - update to libcap-1.10 to support fscaps (#229722, FATE#301748)
* Wed May 24 2006 schwab@suse.de
  - Don't strip binaries.
* Thu May 11 2006 tiwai@suse.de
  - fix invalid calls of free() (#174561)
* Wed Jan 25 2006 mls@suse.de
  - converted neededforbuild to BuildRequires
* Fri Aug 19 2005 kukuk@suse.de
  - Create -devel subpackage
* Thu Jun 23 2005 meissner@suse.de
  - use RPM_OPT_FLAGS.
* Wed May 25 2005 tiwai@suse.de
  - fixed memory leak (#85659)
* Wed Jan 19 2005 tiwai@suse.de
  - fixed compile warnings with gcc-4.0.
* Thu Mar 25 2004 thomas@suse.de
  - added EAL3 man-page patch
* Tue Jan 27 2004 kukuk@suse.de
  - Remove capget.2/capset.2 from package (version from man-pages
    is newer).
* Sun Jan 11 2004 adrian@suse.de
  - add %run_ldconfig
* Mon Feb 24 2003 schwab@suse.de
  - Don't include kernel headers, instead copy the contents here.
* Thu Feb 06 2003 garloff@suse.de
  - Avoid inclusion of glibc's linux/fs.h (it's broken) [#23324].
  - Use BuildRoot.
* Wed Nov 27 2002 coolo@suse.de
  - link the library with the compiler so the depedencies
    are tracked correctly (#21996)
* Tue Sep 17 2002 ro@suse.de
  - removed bogus self-provides
* Wed Sep 04 2002 sf@suse.de
  - fix biarch error (added patch to Make.Rules)
* Sun Aug 11 2002 kukuk@suse.de
  - Remove kernel-source from neededforbuild
* Sat Apr 20 2002 garloff@suse.de
  - Include capfaq-0.2.txt
  - Disable syscall wrapper (capset/capget); it's defined in glibc.
* Sat Apr 20 2002 garloff@suse.de
  - Compile syscall wrapper without -fPIC
* Tue Apr 09 2002 ro@suse.de
  - apply gcc-3 fixes only for gcc-3
* Mon Mar 25 2002 stepan@suse.de
  - remove -ansi, as it forbids inline. (gcc3)
  - use -fpic for building libraries (gcc3)
* Wed Sep 05 2001 ro@suse.de
  - updated neededforbuild and updated specfile (man and doc relocation)
* Tue Sep 28 1999 garloff@suse.de
  - Initial check in of libcap.
  - Kernel patches are provided within the docdir.

Files

/usr/lib64/libpsx.so.2
/usr/lib64/libpsx.so.2.69
/usr/share/licenses/libpsx2
/usr/share/licenses/libpsx2/License


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Nov 12 00:24:29 2024